Summary | ZeroBOX

flilphbvd.exe

PE32 PE File
Category Machine Started Completed
FILE s1_win7_x6401 Feb. 18, 2025, 6:25 p.m. Feb. 18, 2025, 6:30 p.m.
Size 3.0MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 c45149f1e680fd612c2922e3ca2b2487
SHA256 d823f83f718b3b796d400c98e979776d05a81d99ae67603312eb17a1f627648d
CRC32 E86977CC
ssdeep 49152:2Ew2RU9odArgTC69QsJ0rGwjYOa3iMckAIxRPKG9AVHrCpbi8EaqB8VCet:2E7UGdAkmaJEYOJ9IxRtgHm5zV
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x0
registers.esp: 2293020
registers.edi: 2808912
registers.eax: 0
registers.ebp: 2293024
registers.edx: 4294967295
registers.ebx: 2293036
registers.esi: 2292952
registers.ecx: 0
1 0 0
section UPX1 virtual_address 0x00818000 virtual_size 0x0030d000 size_of_data 0x0030c600 entropy 7.999927323975552 description A section with a high entropy has been found
entropy 0.999839846252 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
section UPX2 description Section name indicates UPX
Lionic Trojan.Win32.Coins.i!c
Cynet Malicious (score: 100)
CAT-QuickHeal Trojanpws.Coins
Skyhigh BehavesLike.Win32.Generic.wc
ALYac Gen:Variant.Lazy.407549
Cylance Unsafe
VIPRE Gen:Variant.Lazy.407549
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_70% (D)
BitDefender Gen:Variant.Lazy.407549
K7GW Trojan ( 005c06ef1 )
K7AntiVirus Trojan ( 005c06ef1 )
Arcabit Trojan.Lazy.D637FD
VirIT Trojan.Win32.Genus.XOC
Symantec Trojan Horse
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of WinGo/Agent.VO
APEX Malicious
Avast Win32:Evo-gen [Trj]
Kaspersky HEUR:Trojan-PSW.Win32.Coins.pef
Alibaba TrojanPSW:Win32/Coins.78691581
NANO-Antivirus Trojan.Win32.Lazy.kvosxe
MicroWorld-eScan Gen:Variant.Lazy.407549
Rising Stealer.Coins!8.133E9 (CLOUD)
Emsisoft Gen:Variant.Lazy.407549 (B)
F-Secure Trojan.TR/AD.GenSteal.nclyi
DrWeb BackDoor.Spy.4008
McAfeeD Real Protect-LS!C45149F1E680
Trapmine malicious.high.ml.score
CTX exe.trojan.coins
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.c45149f1e680fd61
Google Detected
Avira TR/AD.GenSteal.nclyi
Antiy-AVL GrayWare/Win32.Kryptik.ffp
Kingsoft Win32.Trojan-PSW.Coins.pef
Gridinsoft Trojan.Win32.Agent.sa
Xcitium Malware@#2r31htvs8r6gz
Microsoft Trojan:Win32/Multiverze!rfn
GData Gen:Variant.Lazy.407549
Varist W32/ABApplication.VJOF-8707
AhnLab-V3 Trojan/Win.Generic.R692058
McAfee Artemis!C45149F1E680
DeepInstinct MALICIOUS
VBA32 Trojan.Ghoso
Malwarebytes Trojan.Injector.UPX
Ikarus Trojan.WinGo.Agent
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H09BC25